Hello All,

Does CanCan work without fetching roles data from the db? Can we give permissions accordingly? Can we configure those roles like enum classes in Java or in any config file?


The default setup (all I've ever done) is to configure the various roles in the ability.rb class file. If you look at the documentation or the RailsCast, that's what they start with. As far as looking up the current user to determine what role that user has, CanCan assumes you're using some authentication, which probably means looking up the user from the database, and that the authentication creates a current_user method that returns an object representing that authenticated user. CanCan doesn't get into the business of creating that current_user, though.


Thanks for the reply.

How can CanCan be used for restricting the methods in controllers which have no models?

By dealing with the model that represents current_user or its local equivalent. The controller in question does not have to be the UsersController by any means, as long as you have authenticated at some point, and have a current_user somewhere in your application. Lots more here:


You don't really need to authenticate since you can blanket deny based on a new user.
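
An added sketch of the pattern discussed in this thread, not part of any post above and not CanCan's own code: roles are defined in code instead of a database table, a missing user is denied by default, and a controller action with no model is guarded through a plain symbol. `MiniAbility`, `ROLE_RULES`, `User` and `run_report` are hypothetical names; `MiniAbility` only mimics the shape of CanCan's `can` / `can?` / `authorize!` so the example runs without the gem or Rails, whereas in a real app the rules go in an `Ability` class that includes `CanCan::Ability`.

```ruby
# Roles live in code (a frozen constant), not in a roles table.
ROLE_RULES = {
  admin:  [[:manage, :all]],
  editor: [[:read, :dashboard], [:run, :report]],
  guest:  []                      # blanket deny: no rules at all
}.freeze

# Hypothetical user object; in an app this is whatever current_user returns.
User = Struct.new(:role)

class AccessDenied < StandardError; end

# Stand-in for an ability class (assumption: not the gem's implementation).
class MiniAbility
  def initialize(user)
    user ||= User.new(:guest)     # unauthenticated visitor is treated as guest
    @rules = []
    # Unknown or missing roles fall back to the guest rules instead of raising.
    ROLE_RULES.fetch(user.role&.to_sym, ROLE_RULES[:guest]).each do |action, subject|
      can(action, subject)
    end
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  # Default deny: true only if some rule matches. Subjects are plain symbols,
  # so a controller with no model behind it can still be guarded.
  def can?(action, subject)
    @rules.any? do |a, s|
      (a == :manage || a == action) && (s == :all || s == subject)
    end
  end

  def authorize!(action, subject)
    raise AccessDenied, "#{action} #{subject} denied" unless can?(action, subject)
    true
  end
end

# What a model-less controller action would call before doing its work.
def run_report(current_user)
  MiniAbility.new(current_user).authorize!(:run, :report)
  "report generated"
end
```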